what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2015-03-03

Solarwinds Orion Service SQL Injection
Posted Mar 3, 2015
Authored by Brandon Perry

Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP

tags | exploit, remote, web, vulnerability, sql injection
advisories | CVE-2014-9566
MD5 | f0e2b5f5ed02061d55950f46a5449d2d
Red Hat Security Advisory 2015-0288-01
Posted Mar 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0288-01 - The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted. All foreman-proxy users are advised to upgrade to these updated packages, which corrects this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3691
MD5 | 013c44bbeaba5cc88f5441cb511e1fd7
Red Hat Security Advisory 2015-0287-01
Posted Mar 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0287-01 - The foreman-proxy package provides a RESTful API to manage DNS, DHCP, TFTP, and Puppet settings, and can be used as part of Foreman. It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted. All foreman-proxy users are advised to upgrade to these updated packages, which corrects this issue.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3691
MD5 | 91219ddea9227e1855d5c771e51ab90e
PHPMoAdmin Remote Code Execution
Posted Mar 3, 2015
Authored by Xelenonz, Pichaya Morimoto, Pistachio, pe3z

PHPMoAdmin suffers from a remote unauthorized code execution vulnerability.

tags | exploit, remote, code execution
MD5 | f0308af8a2c056f4ec495c780d5586bf
Red Hat Security Advisory 2015-0286-01
Posted Mar 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0286-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.4 was retired on March 3, 2015, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 6.4 EUS after March 3, 2015. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date. We encourage customers to migrate from Red Hat Enterprise Linux 6.4 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

tags | advisory
systems | linux, redhat
MD5 | 15e43f60dd9eb1857a572d501c5a9cd8
Red Hat Security Advisory 2015-0285-01
Posted Mar 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0285-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. This issue was discovered by Liu Wei of Red Hat.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2014-7841
MD5 | bd1aeaf2d6c19f59a2b994f2f739aec3
Red Hat Security Advisory 2015-0284-03
Posted Mar 3, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0284-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change. A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2013-4483, CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-7841, CVE-2014-8160
MD5 | 965ec57c89dca6401eab1ad61522189a
Mandriva Linux Security Advisory 2015-052
Posted Mar 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-052 - Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via a Content-Length header and a Transfer-Encoding: chunked header. Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. Various otehr issues have also been addressed.

tags | advisory, java, remote, web, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227
MD5 | 12214eea7943a02a1491aec04cfda503
Mandriva Linux Security Advisory 2015-053
Posted Mar 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-053 - Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service via a malformed chunk size in chunked transfer coding of a request during the streaming of data. java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity issue. Various other issues have also been addressed.

tags | advisory, java, remote, web, denial of service, overflow, arbitrary, xxe
systems | linux, mandriva
advisories | CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227
MD5 | 4fee90ad2412473f904b3b092027885a
Mandriva Linux Security Advisory 2015-051
Posted Mar 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-051 - A vulnerability have been discovered in Sympa web interface that allows access to files on the server filesystem. This breach allows to send to a list or a user any file readable by the Sympa user, located on the server filesystem, using the Sympa web interface newsletter posting area.

tags | advisory, web
systems | linux, mandriva
advisories | CVE-2015-1306
MD5 | f4eb60dc50b418110ffcb43297cf7dc6
Debian Security Advisory 3178-1
Posted Mar 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3178-1 - Jakub Wilk discovered that unace, an utility to extract, test and view .ace archives, contained an integer overflow leading to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ace archive, an attacker could cause a denial of service (application crash) or, possibly, execute arbitrary code.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-2063
MD5 | 121b3cb3a188823e0eeabc74c9407660
Ubuntu Security Notice USN-2506-1
Posted Mar 3, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2506-1 - Armin Razmdjou discovered that contents of locally readable files could be made available via manipulation of form autocomplete in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. Abhishek Arya discovered an out-of-bounds read and write when rendering SVG content in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836
MD5 | 410ade23f97d78b683cb84931702d7e3
GNU Transport Layer Security Library 3.3.13
Posted Mar 3, 2015
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Various updates.
tags | protocol, library
MD5 | a7387fe8bf3e604bf518a6da9ab2a4e6
BEdita CMS 3.5.1 Cross Site Scripting
Posted Mar 3, 2015
Authored by Provensec

BEdita CMS version 3.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | b396f4809eec8362965bd61853eaf9fd
Symantec Web Gateway 5 restore.php Command Injection
Posted Mar 3, 2015
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function, and gain control under the context of HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerability by any kind of user. However, for version 5.2.1, you must be an administrator.

tags | exploit, web
advisories | CVE-2014-7285
MD5 | 7cea620f706dd4d79dc4e3d490634780
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    7 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close